Hello!

On Sat, Jan 06, 2024 at 11:03:47AM -0800, Jeff Kletsky wrote:

> I believe I have properly configured nginx v1.24.0 (open source) for
> IMAP proxy on FreeBSD 14.0. I am, however, unable to establish a TLS
> connection to the upstream server.
>
> I have confirmed that I can connect to the proxy with TLS and that the
> auth server is called. The auth server returns the expected Auth-Server
> and Auth-Port. The upstream server is on a remote host with Dovecot
> running TLS on the standard port of 993. I can see the TCP handshake
> between the proxy and Dovecot on both machines, but nginx does not proceed.
>
> It eventually returns "* BAD internal server error" with the error log
> indicating a timeout

[...]

> I have confirmed using openssl s_client that the connection can be made
> from the host running nginx to the host at the expected IP address and port.
>
> Looking at the source, I did not see an option in the auth-header
> parsing related to using TLS upstream.
>
> Is there a way to use TLS for the IMAP upstream natively (without
> needing to configure a port with STARTTLS)?

Backend IMAP servers are expected to be plain text, not SSL/TLS.
Neither IMAPS nor IMAP with STARTTLS are supported for upstream
connections.

If you want to use SSL/TLS connections between nginx and backend
servers, consider configuring stream{} proxying on the same nginx
instance with "proxy_ssl on;" to handle SSL/TLS with the backend
servers for you, see http://nginx.org/r/proxy_ssl for details.

-- 
Maxim Dounin
http://mdounin.ru/
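The arrangement suggested in the reply, sketched as an added example (not configuration from the thread or from the nginx project): the mail{} proxy speaks plain-text IMAP to a loopback-only stream{} listener, which wraps the connection in TLS towards Dovecot. The host name `dovecot.example.net`, the loopback port 10143, the auth_http URL and all file paths are placeholders chosen for illustration; certificate verification of the backend is enabled explicitly because `proxy_ssl_verify` is off by default.

```nginx
events {}

mail {
    # Auth server (placeholder URL). For this layout it must answer with
    #   Auth-Server: 127.0.0.1
    #   Auth-Port:   10143
    # so that the mail proxy connects to the local stream listener below.
    auth_http 127.0.0.1:9000/auth;

    server {
        listen   993 ssl;            # client-facing IMAPS
        protocol imap;

        ssl_certificate     /usr/local/etc/nginx/tls/proxy.crt;   # placeholder path
        ssl_certificate_key /usr/local/etc/nginx/tls/proxy.key;   # placeholder path
    }
}

stream {
    server {
        # Bound to loopback only: the plain-text IMAP hop between mail{}
        # and stream{} never leaves this host.
        listen 127.0.0.1:10143;

        # Real backend: Dovecot on the standard IMAPS port (placeholder name).
        proxy_pass dovecot.example.net:993;

        # Wrap the upstream connection in TLS.
        proxy_ssl on;

        # Send SNI and check the backend certificate against this name.
        proxy_ssl_server_name on;
        proxy_ssl_name        dovecot.example.net;

        # Verification is off unless enabled; without it the TLS hop gives
        # encryption but no assurance of which server is on the other end.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /usr/local/etc/nginx/tls/backend-ca.pem;  # placeholder path
    }
}
```

Running `nginx -t` after the change confirms the syntax, and a failed backend certificate check shows up in the error log as an upstream SSL handshake error rather than a silent timeout.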